Description This article describes how to avoid issues with an IBGP
route being preferred over an EBGP route. Scope FortiGate. Solution If
the same route is learned through EBGP and IBGP, the EBGP route is
generally activated due to its lower adminis...
Description This article describes how to check the routes configured
using the HA reserved management interface on the FortiGate HA setup.
Scope FortiGate HA. Solution The HA direct management interface and the
route can be configured from the GUI a...
Description This article discusses the possible scenarios where the user
is able to see specific packets under the 'diagnose sniffer' output, but
it is not possible to see the packet leaving the firewall and no outputs
in the 'debug flow trace'. Scop...
Description This article describes the case where it is required to
block ICMP requests originating from Firewall to specific
destinations/geolocations, FortiGate administrator can use
interface-policy along with custom-IPS signature. This article de...
Ideally the upgrade happens in below steps. 1. Upgrade of backup unit
(The sessions continue to flow through the Primary unit) 2. Once backup
is upgraded and rebooted, failover happens (sessions are moved to
upgraded node at this time) 3. The old pri...
With "uninterruptible-upgrade enable", there is no traffic drop
expected. Are you saying, you are getting 1min downtime even with this
setting?https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-HA-upgrade-procedure-and-the-status/ta-...
I think this matches your issue. Please test the solution suggested
here.https://community.fortinet.com/t5/Support-Forum/PC-losing-internet-connectivity-while-using-FortiClient/m-p/77508
https://community.fortinet.com/t5/Support-Forum/Connect-to-IPSe...
config webfilter urlfilter, this is the hierarchy. The syntax in the CLI
for configuring an entry is: #config webfilter urlfilteredit config
entriesedit 1set url set referrer-host set type {simple |
regex | wildcard}set action {block | allow | monito...
Can you confirm if you have configured "set net-device enable" under
phase1 ? If not, please try the below.configure "set net-device enable"
under phase1change route-overlap to allow under phase2 disable
net-device again under phase1